Elasticsearch: Default action.auto_create_index to false?

Created on 25 Mar 2017  路  12Comments  路  Source: elastic/elasticsearch

Today we default action.auto_create_index to true. There is potential for this to be a dangerous default. In production, it means that indices might not be created with the appropriate number of primary shards and replicas, and that analyzers and mappings might not be set up before any data is indexed. It means that a wide range of PUT and POST requests against the cluster create indices (I've seen vulnerability scanners accidentally create too many indices, hurting the cluster). The question put forth here is: should we change the default to false?

Note: this issue is not a proposal, this issue is being opened for discussion to solicit feedback from the community.

:CorFeatureIndices APIs >breaking >enhancement CorFeatures
Source
picture jasontedor
👍3

Most helpful comment

If we were to change the default to false, the outcomes would be:

  • You have to explicitly create an index (even an empty index) before indexing a document
  • Or you have to have a template which matches the index

The downside of removing auto-create during development is small: you just run PUT test before continuing.

In production, you almost never want a completely unmapped index to spring into existence (and if you did want that, putting an empty template which matches * would resolve that).

I'm leaning towards changing the default to false.

picture clintongormley on 28 Mar 2017
👍3

All 12 comments

For the record, there is a discussion at #20640 about moving index auto creation control to templates.

jpountz picture jpountz on 27 Mar 2017

Indeed, where there is a proposal to ship with a default template matching * that has action.auto_create_index set to true. If there is agreement here to default action.auto_create_index to false, I think that the response to #20640 would be to not ship with a default template matching * with action.auto_create_index set to true.

jasontedor picture jasontedor on 28 Mar 2017

If we were to change the default to false, the outcomes would be:

  • You have to explicitly create an index (even an empty index) before indexing a document
  • Or you have to have a template which matches the index

The downside of removing auto-create during development is small: you just run PUT test before continuing.

In production, you almost never want a completely unmapped index to spring into existence (and if you did want that, putting an empty template which matches * would resolve that).

I'm leaning towards changing the default to false.

clintongormley picture clintongormley on 28 Mar 2017
👍3

Does this imply that we would still do the index creation automatically but only in case there is a matching template? So the index creation step will not be mandatory at all times?

javanna picture javanna on 28 Mar 2017

Does this imply that we would still do the index creation automatically but only in case there is a matching template? So the index creation step will not be mandatory at all times?

Correct - if there is a matching template, the index can be created automatically (although we have spoken about setting in the template which allows this behaviour to be disabled).

Regarding the above para: why would you have a template if you don't want indices to be created automatically? One possible reason: the rollover API. Any others?

clintongormley picture clintongormley on 28 Mar 2017

why would you have a template if you don't want indices to be created automatically?

Templates and indices may be created/managed by different people? Don't we want to still apply templates to indices that are manually created (although what is in the request has the precedence)?

javanna picture javanna on 28 Mar 2017

fair enough

clintongormley picture clintongormley on 28 Mar 2017

How would this work with the rollover API?

Another possibility (sake of argument, no idea if this makes sense or not): What if this were handled much like the whitelisting of backup locations? You could whitelist patterns you approve of auto-creating and disapprove of everything else.

Not really sure that would buy very much though.....

neuroticnetworks picture neuroticnetworks on 7 Apr 2017

@evanv This is already possible (specifying a pattern) and solves the rollover problem too.

jasontedor picture jasontedor on 7 Apr 2017

It appears that a consensus was reached on this issue, does this need further discussion @jasontedor or can it be marked "adopt me"?

dakrone picture dakrone on 20 Mar 2018

Pinging @elastic/es-core-infra

elasticmachine picture elasticmachine on 20 Mar 2018

Any updates on this? I understand changing the default would be breaking, but one way to avoid that _and_ put a little more control in the hands of developers would be to allow specifying/overriding the behavior directly in calls to the Index API. In my case I control the code that builds and queries indexes but not necessarily the cluster deployments, and I can't trust that action.auto_create_index is always false. So I do an extra call to be sure, and cache the result (to avoid lots of extra calls), which works fine, but it would sure be a lot more convenient if the index call would just fail and tell me when the index doesn't exist.

tmenier picture tmenier on 23 Apr 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

clintongormley picture clintongormley  路  3Comments
ttaranov picture ttaranov  路  3Comments
martijnvg picture martijnvg  路  3Comments
dadoonet picture dadoonet  路  3Comments
jasontedor picture jasontedor  路  3Comments